Skip to content
This repository has been archived by the owner on Dec 5, 2023. It is now read-only.
/ cheetah Public archive

A STARK-friendly elliptic curve defined over a sextic extension of a small prime field.

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT
38 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

toposware/cheetah

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

212 Commits
.github
.github
 
 
benches
benches
 
 
src
src
 
 
.gitignore
.gitignore
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE-APACHE
LICENSE-APACHE
 
 
LICENSE-MIT
LICENSE-MIT
 
 
README.md
README.md
 
 

Repository files navigation

Cheetah 🐆

codecov example workflow

NOTICE

This repository is unmaintained and therefore publicly archived. If you have any interest in the Cheetah curve or the work from its associated preprint eprint.iacr.org/2022/277 on extension-based elliptic curves, feel free to contact the authors at "research [at] toposware [dot] com".

This crate provides an implementation of the Cheetah curve over a sextic extension of the prime field Fp, with p = 264 - 232 + 1.

  • This implementation can be made no_std by relying on the alloc crate instead.
  • Arithmetic operations are all constant time unless "_vartime" is explicited mentioned

WARNING: This is an ongoing, prototype implementation subject to changes. In particular, it has not been audited and may contain bugs and security flaws. This implementation is NOT ready for production use.

Features

  • std (on by default): Enables use of the Rust standard library.
  • serialize (on by default): Enables Serde serialization.

Description

Cheetah is a STARK-friendly elliptic curve defined over a sextic extension of Fp, p = 264 - 232 + 1 defined by E: y^2 = x^3 + x + B with B = u + 395 where

  • u^6 - 7 = 0 is the polynomial defining Fp6 / Fp

Cheetah defines a subgroup G of prime order

q = 55610362957290864006699123731285679659474893560816383126640993521607086746831

of 255-bits.

The extension Fp6 has been specifically constructed with a sparse polynomial of the form X^6 - A, where A is a small quadratic and cubic non-residue. The current implementation may however not be fully optimal with respect to the number of multiplications in the base field.

The Cheetah curve has been generated with the Sagemath utility script sextic_search.sage available here.

Curve security

Elliptic curves based on extension fields may suffer from specific attacks that do not apply to common elliptic curves constructed over large prime fields and may outperform regular Pollard-Rho attacks, and hence require more scrutiny when evaluating their estimated security level. To verify the security level of Cheetah against generic attacks as well as cover and decomposition attacks, please use the Sagemath utility script verify.sage available here.

License

Licensed under either of

at your option.

About

A STARK-friendly elliptic curve defined over a sextic extension of a small prime field.

Topics

rust cryptography curve elliptic-curve

Resources

Readme

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT

Code of conduct

Code of conduct
Activity
Custom properties

Stars

38 stars

Watchers

7 watching

Forks

3 forks
Report repository

Releases

No releases published

Contributors 3

  •  
  •  
  •  

Languages